Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-05-16
CVE-2024-6070 - Before 1 Plugin
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 1
CVE-2024-6070
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-5167 - Before 1 Plugin
The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in admin add or delete settings from the blacklist or whitelist menu via a CSRF attack
PLUGIN
Before 1
CVE-2024-5167
Risk Score
Threat Entry
Updated 2025-06-13
CVE-2024-4977 - Before 1 Plugin
The Index WP MySQL For Speed WordPress plugin before 1.4.18 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Before 1
CVE-2024-4977
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-5028 - Before 1 Plugin
The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
PLUGIN
Before 1
CVE-2024-5028
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-4272 - Before 1 Plugin
The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.
PLUGIN
Before 1
CVE-2024-4272
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-4269 - Before 1 Plugin
The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.
PLUGIN
Before 1
CVE-2024-4269
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-4602 - Before 1 Plugin
The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 1
CVE-2024-4602
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-3632 - Before 1 Plugin
The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Before 1
CVE-2024-3632
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2024-3963 - Before 1 Plugin
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks
PLUGIN
Before 1
CVE-2024-3963
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-3753 - Before 1 Plugin
The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Before 1
CVE-2024-3753
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-3919 - Before 1 Plugin
The OpenPGP Form Encryption for WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PLUGIN
Before 1
CVE-2024-3919
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5811 - Before 1 Plugin
The Simple Video Directory WordPress plugin before 1.4.4 does not sanitise and escape some of its settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 1
CVE-2024-5811
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4753 - Before 1 Plugin
The WP Secure Maintenance WordPress plugin before 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 1
CVE-2024-4753
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-3112 - Before 1 Plugin
The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
PLUGIN
Before 1
CVE-2024-3112
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-1845 - Before 1 Plugin
The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
PLUGIN
Before 1
CVE-2024-1845
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6026 - Before 1 Plugin
The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks
PLUGIN
Before 1
CVE-2024-6026
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2024-3410 - Before 1 Plugin
The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 1
CVE-2024-3410
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4627 - Before 1 Plugin
The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin before 1.0.219) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 1
CVE-2024-4627
Risk Score
Threat Entry
Updated 2025-05-01
CVE-2024-6130 - Before 1 Plugin
The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 1
CVE-2024-6130
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-3111 - Before 1 Plugin
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues
PLUGIN
Before 1
CVE-2024-3111
Risk Score